istio · istio-testing · Jan 5, 2019 · Jan 4, 2019 · Jan 4, 2019 · Jan 4, 2019
diff --git a/WORKSPACE b/WORKSPACE
@@ -35,8 +35,8 @@ bind(
 # When updating envoy sha manually please update the sha in istio.deps file also
 #
 # Determine SHA256 `wget https://github.com/envoyproxy/envoy/archive/COMMIT.zip && sha256sum COMMIT.zip`
-ENVOY_SHA = "87d1c78ac483f34e87713628beeccb58b4cfd480"
-ENVOY_SHA256 = "0a450928348ef47bf6e3564c07fdce58a5e300d56088ba602bea07216a09e070"
+ENVOY_SHA = "2a2ad48a7d4b57512bc10a9593e852fe950b1c8d"
+ENVOY_SHA256 = "a86dd396bd3db8401d45f9d387d3177ba1eb8298520ef684c1deaf7b91a1af1d"
 
 http_archive(
     name = "envoy",

diff --git a/istio.deps b/istio.deps
@@ -11,6 +11,6 @@
 		"name": "ENVOY_SHA",
 		"repoName": "envoyproxy/envoy",
 		"file": "WORKSPACE",
-		"lastStableSHA": "87d1c78ac483f34e87713628beeccb58b4cfd480"
+		"lastStableSHA": "2a2ad48a7d4b57512bc10a9593e852fe950b1c8d"
 	}
 ]
diff --git a/src/envoy/http/authn/authn_utils.cc b/src/envoy/http/authn/authn_utils.cc
@@ -15,6 +15,7 @@
 
 #include <regex>
 
+#include "absl/strings/match.h"
 #include "authn_utils.h"
 #include "common/json/json_loader.h"
 #include "google/protobuf/struct.pb.h"
@@ -144,10 +145,10 @@ bool AuthnUtils::MatchString(const char* const str,
       return match.exact().compare(str) == 0;
     }
     case iaapi::StringMatch::kPrefix: {
-      return StringUtil::startsWith(str, match.prefix());
+      return absl::StartsWith(str, match.prefix());
     }
     case iaapi::StringMatch::kSuffix: {
-      return StringUtil::endsWith(str, match.suffix());
+      return absl::EndsWith(str, match.suffix());
     }
     case iaapi::StringMatch::kRegex: {
       return std::regex_match(str, std::regex(match.regex()));

diff --git a/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk b/src/envoy/http/jwt_auth/integration_test/envoy.conf.jwk
@@ -5,7 +5,6 @@
       "bind_to_port": true,
       "filters": [
         {
-          "type": "read",
           "name": "http_connection_manager",
           "config": {
             "codec_type": "auto",

diff --git a/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk b/src/envoy/http/jwt_auth/integration_test/envoy_allow_missing_or_failed_jwt.conf.jwk
@@ -5,7 +5,6 @@
       "bind_to_port": true,
       "filters": [
         {
-          "type": "read",
           "name": "http_connection_manager",
           "config": {
             "codec_type": "auto",

diff --git a/src/envoy/http/jwt_auth/token_extractor.cc b/src/envoy/http/jwt_auth/token_extractor.cc
@@ -14,6 +14,7 @@
  */
 
 #include "src/envoy/http/jwt_auth/token_extractor.h"
+#include "absl/strings/match.h"
 #include "common/common/utility.h"
 #include "common/http/utility.h"
 
@@ -33,20 +34,20 @@ const std::string kParamAccessToken = "access_token";
 
 }  // namespace
 
-JwtTokenExtractor::JwtTokenExtractor(const JwtAuthentication& config) {
-  for (const auto& jwt : config.rules()) {
+JwtTokenExtractor::JwtTokenExtractor(const JwtAuthentication &config) {
+  for (const auto &jwt : config.rules()) {
     bool use_default = true;
     if (jwt.from_headers_size() > 0) {
       use_default = false;
-      for (const auto& header : jwt.from_headers()) {
-        auto& issuers = header_maps_[LowerCaseString(header.name())];
+      for (const auto &header : jwt.from_headers()) {
+        auto &issuers = header_maps_[LowerCaseString(header.name())];
         issuers.insert(jwt.issuer());
       }
     }
     if (jwt.from_params_size() > 0) {
       use_default = false;
-      for (const std::string& param : jwt.from_params()) {
-        auto& issuers = param_maps_[param];
+      for (const std::string &param : jwt.from_params()) {
+        auto &issuers = param_maps_[param];
         issuers.insert(jwt.issuer());
       }
     }
@@ -55,21 +56,21 @@ JwtTokenExtractor::JwtTokenExtractor(const JwtAuthentication& config) {
     if (use_default) {
       authorization_issuers_.insert(jwt.issuer());
 
-      auto& param_issuers = param_maps_[kParamAccessToken];
+      auto &param_issuers = param_maps_[kParamAccessToken];
       param_issuers.insert(jwt.issuer());
     }
   }
 }
 
 void JwtTokenExtractor::Extract(
-    const HeaderMap& headers,
-    std::vector<std::unique_ptr<JwtTokenExtractor::Token>>* tokens) const {
+    const HeaderMap &headers,
+    std::vector<std::unique_ptr<JwtTokenExtractor::Token>> *tokens) const {
   if (!authorization_issuers_.empty()) {
-    const HeaderEntry* entry = headers.Authorization();
+    const HeaderEntry *entry = headers.Authorization();
     if (entry) {
       // Extract token from header.
-      const HeaderString& value = entry->value();
-      if (StringUtil::startsWith(value.c_str(), kBearerPrefix, true)) {
+      const HeaderString &value = entry->value();
+      if (absl::StartsWith(value.getStringView(), kBearerPrefix)) {
         tokens->emplace_back(new Token(value.c_str() + kBearerPrefix.length(),
                                        authorization_issuers_, true, nullptr));
         // Only take the first one.
@@ -79,8 +80,8 @@ void JwtTokenExtractor::Extract(
   }
 
   // Check header first
-  for (const auto& header_it : header_maps_) {
-    const HeaderEntry* entry = headers.get(header_it.first);
+  for (const auto &header_it : header_maps_) {
+    const HeaderEntry *entry = headers.get(header_it.first);
     if (entry) {
       tokens->emplace_back(
           new Token(std::string(entry->value().c_str(), entry->value().size()),
@@ -94,10 +95,10 @@ void JwtTokenExtractor::Extract(
     return;
   }
 
-  const auto& params = Utility::parseQueryString(std::string(
+  const auto &params = Utility::parseQueryString(std::string(
       headers.Path()->value().c_str(), headers.Path()->value().size()));
-  for (const auto& param_it : param_maps_) {
-    const auto& it = params.find(param_it.first);
+  for (const auto &param_it : param_maps_) {
+    const auto &it = params.find(param_it.first);
     if (it != params.end()) {
       tokens->emplace_back(
           new Token(it->second, param_it.second, false, nullptr));